Hardware,
Software and Network Asset Identification:
Automated
tools can sometimes uncover the system elements that make up the hardware,
software, and network components
Once
created, the inventory listing must be kept current, often through a tool that
periodically refreshes the data.
Network Asset Identification:
What
attributes of each of these information assets should be tracked?
When
deciding which information assets to track, consider including these asset
attributes:
Name
IP
address
MAC
address
Element
type
Serial
number
Manufacturer
name
Manufacturer‘s
model number or part number
Software
version, update revision, or FCO number
Physical
location
Logical
location
Controlling
entity
People, Procedures, and Data Asset Identification:
Unlike
the tangible hardware and software elements already described, the human
resources, documentation, and data information assets are not as readily
discovered and documented
These
assets should be identified, described, and evaluated by people using
knowledge, experience, and judgment
As these
elements are identified, they should also be recorded into some reliable data
handling process.
Asset
Information for People:
For
People:
– Position name/number/ID – try to avoid names
and stick to identifying positions, roles, or functions
– Supervisor
– Security clearance level
– Special skills
Asset Information for procedures:
For
Procedures:
– Description
– Intended purpose
– What elements is it tied to
– Where is it stored for reference
– Where is it stored for update purposes
Asset Information for Data:
For
Data:
– Classification
– Owner/creator/manager
– Size of data structure
– Data structure used – sequential, relational
– Online or offline
– Where located
– Backup procedures employed
Classification:
Many
organizations already have a classification scheme
Examples
of these kinds of classifications are:
– confidential data
– internal data
– public data
Informal
organizations may have to organize themselves to create a useable data
classification model
The
other side of the data classification scheme is the personnel security
clearance structure;
Information Asset Valuation:
Each
asset is categorized
Questions
to assist in developing the criteria to be used for asset valuation:
– Which information asset is the most critical to
the success of the organization?
– Which information asset generates the most
revenue?
– Which information asset generates the most
profitability?
– Which information asset would be the most
expensive to replace?
– Which information asset would be the most
expensive to protect?
– Which information asset would be the most
embarrassing or cause the greatest liability if revealed?
Information
Asset Valuation
Create
a weighting for each category based on the answers to the previous questions
Which factor is the most important to the
organization?
Once
each question has been weighted, calculating the importance of each asset is
straightforward
List
the assets in order of importance using a weighted factor analysis worksheet.
No comments:
Post a Comment